Popping the Tesla S bonnet – to reveal SIX NEW FLAWS

Security researchers have uncovered six fresh vulnerabilities with the Tesla S. Kevin Mahaffey, CTO of mobile security firm Lookout, and Cloudflare’s principal security researcher Marc Rogers, discovered the flaws after physically examining a vehicle before working with Elon Musk’s firm to resolve security bugs in the electric …

  1. John Robson Silver badge

    Seems like quite a complimentary review

    Not necessarily good that there were such flaws, better than most in that the failure cases were basically* 'safe', if blooming inconvenient.

    Much more so the approach to working with the researchers and fixing things, as well as the overall architecture, with modules secured against each other etc...

    * Of course applying the handbrake on a level crossing isn't safe, but you get the gist...

  2. dotdavid

    "Despite uncovering half a dozen security bugs the two researcher nonetheless came away impressed by Tesla’s infosec policies and procedures as well as its fail-safe engineering approach."

    Seems like Tesla is doing stuff right; compare and contrast the response of certain other car manufacturers.

    1. Grikath

      sort of... I still wonder why the hell the "infotainment system" is connected to the bits that operate the car, other than read-only for display purposes ( if at all..).

      I also wonder about that handbrake.. I'm not an expert, but shouldn't that particular bit be entirely mechanical?

      1. Ragarath

        I also wonder about that handbrake.. I'm not an expert, but shouldn't that particular bit be entirely mechanical?

        Handbrakes on a lot of newer cars are now electronically controlled at the push of a button or even automatic. Run by small motors on the callipers if I'm not mistaken (I cannot afford one of these newfangled cars to check).

        1. Gene Cash Silver badge

          > Handbrakes on a lot of newer cars are now ... run by small motors

          So if my car runs out of battery (not really possible on a Tesla, I know) it rolls downhill? That'll be an interesting lawsuit when it hits something.

          1. Pascal Monett Silver badge

            Not quite.

            The setting and removal of the handbrake is via the button, but the handbrake system itself does not require energy to remain in place. It's like electric doors - they only need energy to move.

            If you lose battery power with the handbrake on, you can be sure your car isn't going anywhere until you've plugged it in via the ever-useful jump cables.

          2. annodomini2
            Boffin

            It's powered disengaged, rather than powered engaged.

            Most systems have a release mechanism (to drive to dealer), but most lose the handbrake after this point.

  3. Bob Wheeler
    Happy

    I guess ...

    as Tesla is a new ground-up car maker, as opposed to the old school GM, Fords of the world they can, and indeed need to take a radically different approach to software security.

  4. Marcelo Rodrigues
    Headmaster

    Nitpicking for fun

    "Telsa" is misspelled on the title.

    It is good to see someone taking security seriously and not as an afterthought.

    1. Anonymous Coward

      Re: Nitpicking for fun

      "It is good to see someone taking security seriously and not as an afterthought."

      Yes, but it might be even better not to have integrated "infotainment" and some actual car functions. It does worry me just a little that I can fiddle with the door lock settings from the screen, and although there is no wifi or 3/4G connection there is always Bluetooth.

      1. Pascal Monett Silver badge

        Re: not to have integrated "infotainment" and some actual car functions

        Absolutely agreed.

        Have an infotainment system, by all means.

        On a completely separate bus, using totally separate components. THAT is the only acceptable level of security. Anything else can be bypassed eventually.

      2. MattPi

        Re: Nitpicking for fun

        "Yes, but it might be even better not to have integrated "infotainment" and some actual car functions. It does worry me just a little that I can fiddle with the door lock settings from the screen, and although there is no wifi or 3/4G connection there is always Bluetooth."

        true, but many newer cars have the ability to adjust "car" settings from a screen. My Toyota has two screens; there's a small screen with the clock and MPG display and in there I can adjust how the interior lights shut off, if the car locks itself after an amount of time, etc.. The other screen is the nav and radio. If you had a car that came standard with infotainment/nav, they'd probably just have one screen that does both.

        1. Anonymous Coward

          Re: Nitpicking for fun

          "My Toyota has two screens" - and mine has one to handle everything, but having two screens doesn't prove that there isn't one underlying OS.

  5. David Kelly 2

    Firmware Updates

    My Tesla got a firmware update 7/20 and another last night.

  6. Hawkeye Pierce

    Good that they found problems

    Much as it pains me to say, if a security review fails to find any problems, my first thought is to query the thoroughness of the review. If problems are found, but they are at the lower end of the spectrum, then whoever the developers are deserve a moment or two of self-congratulatory adoration before chastising themselves for those problems that did exist.

  7. Mark 85

    Good on them....

    As for the handbrake, that's a fail-safe also in the sense that it can NOT be applied at speed. If it could, locking up the wheels (either front or rear but not both is normal) the car would suddenly be sliding out of control. At least this way, the kinetic energy of the car in motion (speed) bleeds off before the handbrake can be safely applied.

    I found this out the hard way about 20 years ago when the brake system (old, used car) had a brake failure. Grabbing the handbrake locked the rear wheels and put the car in a slide and then a spin.

    1. Stoneshop
      FAIL

      Re: Good on them....

      In all the cars I know the handbrake applies ONLY to the rear wheels, and is generally insufficiently powerful to actually lock them when the car is moving, except on ice, snow or an otherwise slippery road surface. Also, if you actually managed to lock the rear wheels and the car went into a spin you a) just yanked the handle instead of controlling the braking like you would with the footbrake, and b) then let the car go into a slide. From which I conclude that you haven't driven on snow much.

      Things may be different with cars that have an electrically operated handbrake.

      1. Solmyr ibn Wali Barad

        Re: Good on them....

        "Things may be different with cars that have an electrically operated handbrake."

        That's a problem, yes. It's either on or off, no gradual control over the handbrake anymore. Thus unsuitable for using as an 'auxiliary steering device'.

        1. Anonymous Coward

          Re: Good on them....

          "That's a problem, yes. It's either on or off, no gradual control over the handbrake anymore"

          I think this is a feature. It stops stupid kids doing handbrake turns in the car park, and the traction control/electronic stability system is supposed to make up for when you actually needed to use the handbrake for control.

          Good thing, bad thing, wouldn't like to say.

          1. Solmyr ibn Wali Barad

            Re: Good on them....

            Yes, safety is definitely one of the reasons. Scoring innovation points is another.

            That's perfectly fine, if manual handbrakes are still available for those who fancy them.

        2. Rusty 1

          Re: Good on them....

          If you really use the handbrake (whatever process that really describes - chucking an anchor out of the car, retarding the speed of the rear wheels, jettisoning the front wheels) as an auxiliary steering device, I do hope you never use the same roads as me.

          OK, sure, I've had a bit of fun in icy car parks applying the handbrake, but it really doesn't form part of the typical driving style. And nor should it. You just can't understand the handling characteristics unless you know the location and its condition intimately (i.e. you are racing on a circuit).

          1. Vic

            Re: Good on them....

            OK, sure, I've had a bit of fun in icy car parks applying the handbrake, but it really doesn't form part of the typical driving style. And nor should it

            I have an old driving manual somewhere which recommends use of the handbrake as a way of countering understeer. It's quite an old book - and it does seem to expect a rather higher standard of driver than is now assumed...

            Vic.

          2. Solmyr ibn Wali Barad

            Re: Good on them....

            "I do hope you never use the same roads as me."

            Your wish is my command.

      2. Vic

        Re: Good on them....

        In all the cars I know the handbrake applies ONLY to the rear wheels

        Citroen XM has the emergency brake (it's not a handbrake - it's foot-operated) on the front wheels. Which is good when you get a total hydraulic failure on the motorway...

        I'm sure there are other cars that do the same - but not that I've owned.

        and is generally insufficiently powerful to actually lock them when the car is moving

        Really? You've never done a handbrake turn?

        Vic.

      3. John Robson Silver badge

        Re: Good on them....

        @Stoneshop - In all the cars I know the handbrake applies ONLY to the rear wheels

        Citroen C5 - Handbrake, drive and steering are all on the front wheels...

        OTOTH they are often low power, my Father recalls thinking that a company car he was delivering up the M1 wasn't pulling well, then realised he hadn't taken the handbrake off...

  8. John Smith 19 Gold badge
    Unhappy

    "system-level isolation between drive and entertainment systems. "

    Good idea.

    Perhaps other companies will do that as well.

  9. Anonymous Coward

    Just the tip of the iceberg

    It's disgraceful that any company would sell a product that uses computers and software yet lacks top quality security, especially transportation vehicles be they planes, trains, autos, etc. Oh wait, Microsucks has been selling defective computer products for 25+ years. For a minute I thought we had a revelation where hackers were suddenly able to hack into PCs or other computers due to an outrageous lack of security and massive code defects. Apparently nothing new here as crims have been entering digitally secured vehicles and removing valuables, without setting off any alarms. Other crims just swap out the ECU and drive the car away to be sold or chop shopped.

    The fact that Jeep and Tesla are this week's fully compromised models where hackers can take control of the vehicle should give pause to the manic efforts by the UK to get autonomous vehicles on the roadways well before they are properly engineered to do so. When security is an afterthought, the Tesla/Jeep issues come by the boatloads. This week's real world hacking displays show just the tip of the security iceberg that is about to be exploited at an exponential rate. AVs will offer hackers hundreds more hacking opportunities per model over conventional current automotive models.

    1. John Robson Silver badge

      Re: Just the tip of the iceberg

      Did you read the article?

    2. Weapon

      Re: Just the tip of the iceberg

      The Tesla was never hacked, they first had PHYSICAL ACCESS to the car and modified it. (with physical access you can break any car by modifying the engines or etc). Tesla still fixed it in a day or 2.

      Even then none of the 6 hacks pose any safety issues. So you are not making any sense.

      PS no hacker is going to bother hacking cars to begin with realistically. There is no money in it. Same thing with PCs, most PC hacks are to gain control of a PC and use it as a zombie to try to attack servers and banks (where the real money is)

      1. Anonymous Coward

        Re: Just the tip of the iceberg

        Umm, P.S. did you not see the slew of security problems around keyless entry systems and the like which allowed thieves to drive away high priced German cars?

        There's good money in stealing cars.
